Multi-Tenancy Default tenant when 2 different users login
26 views
Skip to first unread message
Max
Mar 27, 2026, 2:48:06 AM (11 days ago) Mar 27
to Wazuh | Mailing List
Hi,
Is there a way for me to configure within the opensearch config (or with my current deployment through the Kubernetes configmap) of the Wazuh dashboard to automatically detect which Tenant the User logging in has permissions to and go to that Tenant?
For example:
1 user named Test_A with permissions to a Tenant named Customer_A
and another named Test_B with permissions to a Tenant named Customer_B
and when I log in as either user, I want them to be defaulted to their tenants.
Thanks for any help and cheers,
Max
For example:
1 user named Test_A with permissions to a Tenant named Customer_A
and another named Test_B with permissions to a Tenant named Customer_B
and when I log in as either user, I want them to be defaulted to their tenants.
Thanks for any help and cheers,
Max
ismail....@wazuh.com
Mar 27, 2026, 4:28:42 AM (11 days ago) Mar 27
to Wazuh | Mailing List
Hi,
We are working on this and will keep you updated on our progress.
Regards,
We are working on this and will keep you updated on our progress.
Regards,
ismail....@wazuh.com
Mar 27, 2026, 6:33:58 AM (11 days ago) Mar 27
to Wazuh | Mailing List
Hi,
Thank you for your query. Based on the current capabilities of the Wazuh Dashboard (OpenSearch Dashboards), tenant access can be controlled through roles and role mappings. However, automatic tenant selection at login based on user permissions is not supported. The platform does not provide a mechanism within the OpenSearch configuration or Kubernetes ConfigMaps to dynamically detect a user’s assigned tenant and redirect them accordingly upon login.
While it is possible to configure a default tenant using the uiSettings.overrides.defaultRoute parameter, this setting is applied globally to all users and cannot be customized on a per-user basis. Additionally, parameters such as opensearch_security.multitenancy.tenants.preferred only influence the ordering and visibility of tenants in the user interface and do not control or enforce automatic tenant selection.
As an alternative approach, you can use a tenant-specific URL to directly access a particular tenant in the Wazuh Dashboard. This allows users to log in and be redirected to the intended tenant without manually selecting it from the interface. For example, users can access the dashboard using the following format: https://<IP or Domain>/app/dashboards?security_tenant=<Tenant Name>
As a recommended approach, users can be restricted to access only their respective tenants through role-based access control, ensuring proper tenant isolation. Please refer to this document https://documentation.wazuh.com/current/user-manual/wazuh-dashboard/multi-tenancy.html https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html#use-case-give-a-user-permissions-to-read-and-manage-a-group-of-agents
As an additional note, if you are using an identity provider such as Keycloak (OIDC/SAML) for authentication, you may implement a custom redirection mechanism at the SSO or reverse proxy level. For example, based on user attributes or roles defined in Keycloak, users can be redirected to a tenant-specific URL (e.g., /app/dashboards?security_tenant=<Tenant Name>) after successful login.
Regards,
Thank you for your query. Based on the current capabilities of the Wazuh Dashboard (OpenSearch Dashboards), tenant access can be controlled through roles and role mappings. However, automatic tenant selection at login based on user permissions is not supported. The platform does not provide a mechanism within the OpenSearch configuration or Kubernetes ConfigMaps to dynamically detect a user’s assigned tenant and redirect them accordingly upon login.
While it is possible to configure a default tenant using the uiSettings.overrides.defaultRoute parameter, this setting is applied globally to all users and cannot be customized on a per-user basis. Additionally, parameters such as opensearch_security.multitenancy.tenants.preferred only influence the ordering and visibility of tenants in the user interface and do not control or enforce automatic tenant selection.
As an alternative approach, you can use a tenant-specific URL to directly access a particular tenant in the Wazuh Dashboard. This allows users to log in and be redirected to the intended tenant without manually selecting it from the interface. For example, users can access the dashboard using the following format: https://<IP or Domain>/app/dashboards?security_tenant=<Tenant Name>
As a recommended approach, users can be restricted to access only their respective tenants through role-based access control, ensuring proper tenant isolation. Please refer to this document https://documentation.wazuh.com/current/user-manual/wazuh-dashboard/multi-tenancy.html https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html#use-case-give-a-user-permissions-to-read-and-manage-a-group-of-agents
As an additional note, if you are using an identity provider such as Keycloak (OIDC/SAML) for authentication, you may implement a custom redirection mechanism at the SSO or reverse proxy level. For example, based on user attributes or roles defined in Keycloak, users can be redirected to a tenant-specific URL (e.g., /app/dashboards?security_tenant=<Tenant Name>) after successful login.
Regards,
Reply all
Reply to author
Forward
0 new messages